Tag: infosec

A few quotes from my keynote at SecureWorld Boston

Following the outstanding SecureWorld Boston event, my friends at SecureWorld shared Highlights and Insights from SecureWorld Boston 2023 and were kind enough to include a few quotes from my lunch keynote — let me know what you think and please offer your perspective on these ideas: For my friends in the Houston area, get ready,…

Read More

Join me and #EnterpriseUniversity for Real-World Cyber Risk Management and Resilience Planning on March 28, 2023!

On Tuesday, March 28, 2023, I will be teaching a class on Real-World Cyber Risk Management and Resilience Planning as part of #EnterpriseUniversity Enterprise Bank & Trust’s education program for business leaders and professionals! Join me for this course, and take a look at all of the live, virtual courses available at no cost to…

Read More

Boston Area Friends – Join me for the lunch keynote at SecureWorld Boston on March 23!

I am super excited to share that next week I will be headed to Boston to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Thursday, March 23, 2023, I will present the lunch keynote on Cybersecurity Really Is a Team Sport, since folks…

Read More

The White House Cybersecurity Plan – the Devil is in the Details

“The devil is in the details” — that about sums up my take on the White House Cybersecurity Plan. Many thanks to Lily Newman for including this and some other points from our discussion in her Wired article The High-Stakes Blame Game in the White House Cybersecurity Plan. I appreciate that the Administration is talking…

Read More

Charlotte, NC Area Friends – Join me at SecureWorld Charlotte on March 1 & 2!

I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Wednesday, March 1, 2023, I will be leading a full day workshop for SecureWorld Plus registrants on…

Read More

SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance

“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be…

Read More

Feds Will Not Charge Good Faith Security Research Under the CFAA

On May 19, 2022, the U.S. Department of Justice directed prosecutors to not charge security researchers who report cybersecurity vulnerabilities in “good faith” with violations of the federal Computer Fraud and Abuse Act (CFAA). The DOJ’s press release titled Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act…

Read More

Why does cyber warfare involving Russia and Ukraine increase the risk of cyberattacks against your business?

There are many reasons why the ongoing cyber warfare involving Russia and Ukraine increases the risk of cyberattacks against your business, but, one of the simplest explanations comes from a recent joint FBI and Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Advisory (Destructive Malware Targeting Organizations in Ukraine) that was published on February 26, 2022:…

Read More

StopRansomware.gov – the U.S. Government’s One-Stop Resource for Ransomware

The U.S. Government has launched a new resource to help combat the ransomware pandemic. Below is the relevant information it has shared: The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources…

Read More

MFA Could Have Prevented the Ransomware Attack on Colonial Pipeline, According to its CEO

On June 8, 2021, Colonial Pipeline CEO Joseph Blount testified to a U.S. Senate committee about the recent ransomware attack on the company. While most of the attention to his testimony has been focused on the propriety of paying the roughly $4.4 million ransom payment to the DarkSide hacking group, I believe there is a…

Read More
%d bloggers like this: